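#
# sc_BlackList.conf, multi_dnsbl.conf
# Configuration for sc_BLcheck.pl, sc_BLpreen.pl, and Net::DNSBL::MultiDaemon
#
# version 1.02, 6-13-13
#
# This file is Perl source: it builds a single hash reference, $DNSBL, and
# that assignment is the last statement in the file.
#
# NOTE(review): because the content is Perl code rather than inert data, it
# (and any file named by an INCLUDE key) is presumably evaluated by the
# consuming program -- confirm against the loader, and keep these files
# writable only by the account that administers the daemon.
#
my $DNSBL = {

## additional KEYS may be included with an INCLUDE statement of the form:
#
#   INCLUDE => 'path/to/file.conf',
#
# this file may include an INCLUDE statement, as may the next, etc...
#
#
## Net::DNSBL::MultiDaemon parameters

# the OPTIONAL name of a file that will contain 'hit' statistics for DNSBLS
# this file will be used to seed the sort order of DNSBL checking if it is
# present and will be updated with the 'added' counts of each run. If it
# is deleted, it will be recreated with a new time tag at the beginning.
#
  MDstatfile => '/usr/local/spamcannibal/mdstats.txt',

# The path for the directory where the pid file will live
#
  MDpidpath => '/var/run',

# The zone name for this PSEUDO DNSBL
#
  MDzone => 'pseudo.dnsbl',

###### The following optional configuration parameters
###### are shown with their default values
#
# Update frequency for the "stats" file, no
# update occurs if there is no new information
#
#  MDstatrefresh => 300,  # seconds

# The IP address that the daemon will listen on.
# The default will listen on ALL interfaces,
# this is probably not what you want. A more
# suitable value for co-installation with bind
# on the same host would be 127.0.0.1
#
  MDipaddr => '127.0.0.1',

# The port that the daemon will listen on
#
  MDport => 12000,

# Syslog facility. Specify one of:
# LOG_EMERG LOG_ALERT LOG_CRIT LOG_ERR LOG_WARNING LOG_NOTICE LOG_INFO LOG_DEBUG
#
  MDsyslog => 'LOG_ERR',

# DNSBL lookup cache, uses the TTL provided by the lookup DNSBL
# this is only useful for STANDALONE operation. When used as
# an add-on to BIND, BIND will provide the caching
# cache size below 10000 will default to 10000.
# suggested cache size 20,000 to 50,000
# each cache entry takes about 400 bytes
#
#  MDcache => 10000,

# Do rhbl lookups only, default false
# all other rejection classes are disabled, IGNORE, BLOCK, BBC, in-addr.arpa
# RHBL need only be "true" for operation. If OPTIONAL URBL conditioning
# is needed, then the parameters in the hash must be added
  RHBL => {  # optional URBL preparation
    urblwhite => [
      'cache/white',
    ],
# NOTE: level 3 tld's should be first before level 2 tld's
    urbltlds => [
      'cache/level3',
      'cache/level2',
    ],
  },


# FOR A COMPREHENSIVE LIST OF ALL DNSBL ZONES, SEE:
#   http://www.openrbl.org
#   click "zones"
#
# all dnsbl servers must have a config entry as follows:
#
# NOTE: every line of the template below must stay commented out. Left
# uncommented, the 'acceptany' line is not part of any zone entry; it becomes
# a top-level 'acceptany' key of $DNSBL.
#
#  'zone.name' => {
#    acceptany => 'comment - treat any response as valid',
#  # or
#    accept => {  # a list of codes that are ok to add to tarpit from this DNSBL
#      '127.0.0.2' => 'reason',
#      '127.0.0.3' => 'reason',
#    },
#
# WARNING !!! DO NOT USE THIS OPTION WITH DNSBL HOSTS THAT REPORT TARPIT ACTIVITY
#
#    confirm => 1,  # optional, confirmation of acceptance of non - 127.0.0.2 codes
#
#    response => '127.0.0.3',  # optional, our default response code for records
#                              # added because of queries to this DNSBL server
#                              # this code will be ignored if it is < 127.0.0.3
#                              # and 127.0.0.3 will be used in its place
#
# error message to use with this host.
# NOTE: if the DNSBL supplies a TXT record and it contains the string "http://something..." or
# "www.something..." then that will be used for the error string for the matching A record.
# Otherwise, the error string below will be appended to whatever TXT is returned by the
# DNSBL. If no TXT is returned, then the "reason" code from the "accept" line for the matching
# 127.0.0.X code will be used and the error code below will be appended.
#
# If the error string ending matches /\?.+=$/ or /\?$/
# then the offending IP address will be automagically added
#
#    error => 'IP address blocked, see http://www.somehost.com?ip=',
#
#    expire => '7d',  # optional default expiration if DNSBL can not be reached
#                     # may be specified in any combination of seconds, minutes, hours, days, weeks
#                     # i.e. 604800 or 604800s, 10080m, 168h
#                     # 1w 3d
#
#    timeout => 30,   # default seconds to wait for dnsbl query to timeout

# WARNING!! The default timeout in sendmail for DNS queries is "5 seconds"
# If this configuration is used with Net::DNSBL::MultiDaemon it is
# recommended that the timeouts here be set to 5 seconds and that the
# timeout parameter in the SENDMAIL m4 configuration build file for lookups be
# extended to at least 15 seconds -- particularly if you invoke reverse lookups
# with the in-addr.arpa parameter below.
#
#   define(`confTO_RESOLVER_RETRANS_FIRST', `15s')dnl
# or
#   define(`confTO_RESOLVER_RETRANS', `15s')dnl
#
# see: http://www.sendmail.org/m4/tweaking_config.html
#
# Similar precautions must be taken for other MTA's
#
# NOTE(review): the zone entries below all use timeout => '15', not the 5
# seconds recommended above for Net::DNSBL::MultiDaemon -- confirm that the
# MTA resolver timeout is sized for this, otherwise the MTA may stop waiting
# before the daemon has an answer.
#

# list of RHBL's here: http://spamlinks.net/filter-dnsbl-lists.htm

# working, sample file entries


#127.0.1.2       spam domain
#127.0.1.3       spammed redirector domain
#127.0.1.4-.19   spam domain (future use)
#127.0.1.20-.39  phish domain (future use)
#127.0.1.40-.59  malware domain (future use)
#127.0.1.255     IP queries prohibited!

# test as: dbltest.com.dbl.spamhaus.org
#
  'dbl.spamhaus.org' => {  # see http://www.spamhaus.org/dbl/
#    acceptany => 'any response is valid',
# or accept a subset
    accept => {
# each IP must go in one at a time
      '127.0.1.2' => 'spam domain',
      '127.0.1.3' => 'spammed redirector domain',
#     '127.0.1.4-.19'   spam domain (future use)
#     '127.0.1.20-.39'  phish domain (future use)
#     '127.0.1.40-.59'  malware domain (future use)
#     '127.0.1.255'     IP queries prohibited!
# 127.0.1.255 is deliberately not accepted: per the table above it means
# "IP queries prohibited", not a listing.
    },
# the error text names the zone actually queried, so a rejected sender or an
# operator reading the log can tell which list produced the block
    error => 'listed in dbl.spamhaus.org',
    expire => '5d',
    timeout => '15',
    comment => '127.0.1.2 -> 127.0.1.255',
    url => 'http://www.spamhaus.org/dbl/',
  },

# test as: test.surbl.org.multi.surbl.org
#
  'multi.surbl.org' => {  # see surbl.org
    # set multi.surbl.org bit mask
    #    2 = comes from SC
    #    4 = comes from WS
    #    8 = comes from PH
    #   16 = comes from OB (OB is deprecated as of 22 October 2012.)
    #   16 = comes from MW (MW active as of 1 May 2013.)
    #   32 = comes from AB
    #   64 = comes from JP
    # NOTE(review): 0xDE is 128+64+16+8+4+2, so bit 32 (AB) is NOT accepted
    # and bit 128, which the table above does not describe, IS accepted --
    # confirm both are intended.
    acceptmask => 0xDE,
    # mark as URBL
    urbl => 1,
    error => 'listed in multi.surbl.org',
    expire => '5d',
    timeout => '15',
    comment => '127.0.1.1 -> 127.0.1.255',
    url => 'http://surbl.org/',
  },

# testpoints (2.0.0.127 and test.uribl.com) are the
# only items that are cross listed
# test as: test.uribl.com.multi.uribl.com
#
  'multi.uribl.com' => {  # see www.uribl.com
    # set multi.uribl.com bit mask
    #    1  00000001  Query blocked, possibly due to high volume
    #    2  00000010  black
    #    4  00000100  grey
    #    8  00001000  red
    #   14  00001110  black,grey,red (for testpoints)
    # 0x2 accepts "black" only; bit 1 ("Query blocked") is left out of the
    # mask, so a refused query is not treated as a listing.
    acceptmask => 0x2,
    # do NOT mark as URBL
    error => 'listed in multi.uribl.com',
    expire => '5d',
    timeout => '15',
    comment => '127.0.1.1 -> 127.0.1.255',
    url => 'http://www.uribl.com/',
  },

# rhbl list http://spamlinks.net/filter-dnsbl-lists.htm#domain
# potential, contact before using
#   rhsbl.ahbl.org
};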